Google confirms fraudulent account created in law enforcement portal

pSonicWall Firewall configs stolen for all cloud backup customersppNew FileFix attack uses cache smuggling to evade security softwareppHackers claim Discord breach exposed data of 55 million usersppGoogles new AI bug bounty program pays up to 30000 for flawsppHarvard investigating breach linked to Oracle zeroday exploitppThe 380 refurbished Surface Laptop 3 with i7 performance and 16GB RAMppFake Inflation Refund texts target New Yorkers in new scamppGet your first year of Sams Club membership for 15 MSRP 50ppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppGoogle has confirmed that hackers created a fraudulent account in its Law Enforcement Request System LERS platform that law enforcement uses to submit official data requests to the companyppWe have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account Google told BleepingComputerppNo requests were made with this fraudulent account and no data was accessedppThe FBI declined to comment on the threat actors claimsppThis statement comes after a group of threat actors calling itself Scattered Lapsus Hunters claimed on Telegram to have gained access to both Googles LERS portal and the FBIs eCheck background check systemppThe group posted screenshots of their alleged access shortly after announcing on Thursday that they were going darkppThe hackers claims raised concerns as both LERS and the FBIs eCheck system are used by police and intelligence agencies worldwide to submit subpoenas court orders and emergency disclosure requestsppUnauthorized access could allow attackers to impersonate law enforcement and gain access to sensitive user data that should normally be protectedppThe Scattered Lapsus Hunters group which claims to consist of members linked to the Shiny Hunters Scattered Spider and Lapsus extortion groups is behind widespread data theft attacks targeting Salesforce data this yearppThe threat actors initially utilized social engineering scams to trick employees into connecting Salesforces Data Loader tool to corporate Salesforce instances which was then used to steal data and extort companiesppThe threat actors later breached Saleslofts GitHub repository and used Trufflehog to scan for secrets exposed in the private source code This allowed them to find authentication tokens for Salesloft Drift which were used to conduct further Salesforce data theft attacksppThese attacks have impacted many companies including Google Adidas Qantas Allianz Life Cisco Kering Louis Vuitton Dior Tiffany Co Cloudflare Zscaler Elastic Proofpoint JFrog Rubrik Palo Alto Networks and many moreppGoogle Threat Intelligence Mandiant has been a thorn in the side of these threat actors being the first to disclose the Salesforce and Salesloft attacks and warning companies to shore up their defensesppSince then the threat actors have been taunting the FBI Google Mandiant and security researchers in posts to various Telegram channelsppLate Thursday night the group posted a lengthy message to a BreachForumslinked domain causing some to believe the threat actors were retiringppThis is why we have decided that silence will now be our strength wrote the threat actorsppYou may see our names in new databreach disclosure reports from the tens of other multi billion dollar companies that have yet to disclose a breach as well as some governmental agencies including highly secured ones that does not mean we are still activeppHowever cybersecurity researchers who spoke with BleepingComputer believe the group will continue conducting attacks quietly despite their claims of going darkppUpdate 91525 Article title updated as some felt it indicated a breachppJoin the Breach and Attack Simulation Summit and experience the future of security validation Hear from top experts and see how AIpowered BAS is transforming breach and attack simulationppDont miss the event that will shape the future of your security strategyppSalesforce refuses to pay ransom over widespread data theft attacksppOracle patches EBS zeroday exploited in Clop data theft attacksppShinyHunters claims 15 billion Salesforce records stolen in Drift hacksppFBI warns of UNC6040 UNC6395 hackers stealing Salesforce datappGoogle Chrome to revoke browser notifications for inactive sitesppI wonder what would happen if all these socalled groups joined forces in one massive attack hmmppWho would have thought that giving law enforcement easy access to the system would open it up to others to abuse
Everyone
Really
Yup Everyone knew it would happen
I wonder how many other accounts have been created where the creator did not brag about it onlineppNot a member yet Register NowppFBI takes down BreachForums portal used for Salesforce extortionppWindows 11 23H2 Home and Pro reach end of support in 30 daysppApple now offers 2 million for zeroclick RCE vulnerabilitiesppMake the leapget certified with VMUG Advantage Start your career journey todayppThe role of Artificial Intelligence in todays cybersecurity landscapeppJoin Huntress to discuss all things tradecraft in a monthly meeting of the technical mindsppRedefine security validation with Picus AIdriven Breach and Attack SimulationppSee how Material secures Gmail Drive with EDRstyle detection and rapid responseppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp